adding a new SSH fingerprint alongside existing one

Advertisement

HappyChappy
Joined:
Posts:
10

adding a new SSH fingerprint alongside existing one

Hi,

We SFTP to another client on a daily basis. They have advised that they are going to be migrating their server over a weekend and as a result their SFTP server's fingerprint will change from its current value.

They ask that the new fingerprint is added to our SFTP client's trusted key store ahead of the migration date. This will ensure that our connection is not blocked by our SFTP client when the fingerprint changes. They have supplied the new fingerprint "ssh-rsa 1024 1x:11:xx:xx:80:74:a2:c9:59:yy:bb:0p:78:d8:bd:u2"

Is there a way I can add this new fingerprint in along side the existing one so that the migration can be as seamless as possible?

Thanks,

HappyChappy

Reply with quote

Advertisement

Chris David
Joined:
Posts:
14

Re: adding a new SSH fingerprint alongside existing one

HappyChappy wrote:

Hi,

We SFTP to another client on a daily basis. They have advised that they are going to be migrating their server over a weekend and as a result their SFTP server's fingerprint will change from its current value.

They ask that the new fingerprint is added to our SFTP client's trusted key store ahead of the migration date. This will ensure that our connection is not blocked by our SFTP client when the fingerprint changes. They have supplied the new fingerprint "ssh-rsa 1024 1x:11:xx:xx:80:74:a2:c9:59:yy:bb:0p:78:d8:bd:u2"

Is there a way I can add this new fingerprint in along side the existing one so that the migration can be as seamless as possible?

Thanks,

HappyChappy

I think you have the ability to provide multiple fingerprints each needing to be separated by a semi-colon.

Reply with quote

HappyChappy
Joined:
Posts:
10

spoke to soon:

I got error in log: Script: Unknown command '1024'

code is like:

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey="ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0";"ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0"" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"

Reply with quote

Chris David
Joined:
Posts:
14

HappyChappy wrote:

spoke to soon:

I got error in log: Script: Unknown command '1024'

code is like:

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey="ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0";"ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0"" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"


As mentioned, each fingerprint needs to be separated by a semi-colon, but the ENTIRE set of fingerprints only requires one open and one close quote.

It should look something like this (where key#1 and key#2 are the actual keys you wanted to use):

"ssh-rsa 1024 key#1;ssh-rsa 1024 key#2"

Reply with quote

HappyChappy
Joined:
Posts:
10

same error :? :(

changed code to

getting same error :? :(

changed code to

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey="ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0;ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0"" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"

& still get error

. 2016-10-13 15:40:16.994 Startup conversation with host finished.
< 2016-10-13 15:40:16.994 Script: Active session: [1] Username@111.111.111.1
> 2016-10-13 15:40:16.995 Script: 1024
< 2016-10-13 15:40:16.995 Script: Unknown command '1024'.
. 2016-10-13 15:40:16.995 Script: Failed
. 2016-10-13 15:40:16.995 Script: Exit code: 1
. 2016-10-13 15:40:16.995 Closing connection.

Reply with quote

Chris David
Joined:
Posts:
14

HappyChappy wrote:

same error :? :(

changed code to

getting same error :? :(

changed code to

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey="ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0;ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0"" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"

& still get error

. 2016-10-13 15:40:16.994 Startup conversation with host finished.
< 2016-10-13 15:40:16.994 Script: Active session: [1] Username@111.111.111.1
> 2016-10-13 15:40:16.995 Script: 1024
< 2016-10-13 15:40:16.995 Script: Unknown command '1024'.
. 2016-10-13 15:40:16.995 Script: Failed
. 2016-10-13 15:40:16.995 Script: Exit code: 1
. 2016-10-13 15:40:16.995 Closing connection.

I know this doesn't solve your multiple fingerprint issue, but use the EXACT same command line, but as a test, revert to using only ONE fingerprint to see if you still have an error message.

Reply with quote

Chris David
Joined:
Posts:
14

HappyChappy wrote:

if i take out the -hostkey"<key>;<key>" it works fine

Just to add. The web page below:

https://winscp.net/eng/docs/commandline

clearly states that it can be done:

"Parameter /hostkey specifies fingerprint of expected SSH host key (or several alternative fingerprints separated by semicolon). It makes WinSCP automatically accept host key with the fingerprint."

Your problem is most likely elsewhere in that entire command line (it doesn't look correct to me just by seeing double quotes in certain places for example).

Reply with quote

HappyChappy
Joined:
Posts:
10

got it :)

according to the link above you posted: "any script command argument that includes spaces is expected to be surrounded by double-quotes within the command"

so I changed the code to (triple quotes in a row :) ):

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey=""ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0;ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0""" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"

and it works now!

Thanks for the pointers guys

Reply with quote

Chris David
Joined:
Posts:
14

HappyChappy wrote:

got it :)

according to the link above you posted: "any script command argument that includes spaces is expected to be surrounded by double-quotes within the command"

so I changed the code to (triple quotes in a row :) ):

%SECUREFTP% /log="E:\Client\Logs\test.log" /command "option batch abort" "open -timeout=60 sftp://Username:Password@111.111.111.1:22/test/ -hostkey=""ssh-rsa 1024 x2:v4:n6:f8:z1:c3:65:77:45:32:98:8b:7b:09:9j:s0;ssh-rsa 1024 g5:v4:n6:p8:z1:c3:88:77:45:xj:98:8b:7b:h9:9j:s0""" "put -transfer=ascii -nopreservetime -nopermissions -delete "E:\Host\Primary\Test\fingerprinttest.csv"" "exit"

and it works now!

Thanks for the pointers guys

You do realize that double quotes means this -> "

It does NOT mean this -> ""

Even if the command line is working, there is still something that looks very odd about it. I don't use command line scripts for what I do, I use the NET assembly, but if you gave me a temporary username/password I would be able to figure it out. Nonetheless, if you are happy with what you have then don't worry about it. Take care.

Reply with quote

Advertisement

You can post new topics in this forum